Mozilla squashes critical bugs in Firefox Mozilla on Monday issued an update for Firefox that fixes four critical security bugs in the popular open-source browser, including one exposed last week that could make it easy for attackers to spoof SSL certificates used to secure websites. The vulnerability meant Firefox could be tricked by rogue certificates, a potentially …
Would any of the available (widely accepted) certificate authorities accept a certificate request with a "\0" prepended to the CN? If their software prevents them from seeing this then that's also a vulnerability IMHO. If they see it and then accept it they have some kind of procedural error again IMHO.
It was an error of course, but this sort would probably be assigned a low CVSS Base Score. (Still under review http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2408).
Much worse is the Mozilla advisory 2009-43 "Heap overflow in certificate regexp parsing"... :-)
"Why people use this one? He say "most secure way to surf the web" on the front but it have a bug every new day which risks me having computer germs and filth installed. I don't use because we have IE free and it works fast."
You're an idiot. Think about it. It's considered far more secure than IE because when vulnerabilities are found, they're patched, and patched a damn sight faster than those in IE.
You Fail to understand.... again. But then again I think your'e really Steven Ballmer in disguise, your posts seem to make about as much sense and the rubbish Steve spouts most of the time.
FF updated silently this morning... I'm now safe from this bug. Care to tell me when other browsers will be fixed?
lets face it. Firefox is just as bug riddled and insecure as IE. Don't try and dirty the water by talking about old versions of IE from history. In the case we may as well talk about the bugs in old versions of Netscape and Mozilla as current fact too.
These people pour bile over every other browser yet won't face the fact that their own is and always has been full of holes and has also become slow and bloated in just four short years. Though not as bloated as the bank balances of the people who work there. I wonder how they're changing their lifestyles in the wake of the recession. Hmmmm.
And it's not even as if it has a strong record on standards support. It was the last browser other than IE to pass the Acid2 test in a public release. That's like a failed athlete showing off about running faster than a man in a wheelchair. And as for Acid3... [tumbleweed]
Switch to IE8 for an easier life or one of the other browsers if you have an angry bee in your bonet about standards and security.
You say me an "idiot" which is not very nice from you.
Why you take it granted that he is more safe because they fix the bugs quicker and more often? How about it is only necessary to fix so many times because they are many more security vulnerability in the beginning? It is not enough to just say what you say - my logic is equal and valid so I am not an idiot like you say.
Who are the people who "it is considered far more secure" like you say? I see lots on the board here who do not agree - perhaps they call you idiot too?
Anyways you are not a nice person I think.
You're either a troll, an idiot, or both.
"they are many more security vulnerability in the beginning" Okay then, prove it - after all, in your own words, "It is not enough to just say what you say".
Anyway, if you weren't interested in using Firefox, why did you read this thread, let alone respond to it?
There's no muddying of the waters at all.
Face the facts! Whether FF has as many bugs is irrelevant, the reason IE is less secure is that it is far and away the most widely TARGETED browser.
Which is less secure, a car with both doors unlocked while sitting in an unlocked barn in your back yard, or a car with only one door unlocked sitting in a shopping center parking lot?
IE users have always been, and for the next few years of MS OS dominance will continue to be, far far less secure and we haven't even considered the extra configurability, limitations in features that add to security from FF add-ons.
If you're used to using IE or forced to, good luck to you because it and the associated Outhouse Express are both still the most prevalent way that malware spreads. It could be claimed that it's because more people use this software but once again we're back to that being the reason why these softwares' flaws are targeted, and actually, exploited.
Being open and quick with fixes instead of sitting on them for over a year like MS has done till something is propagating the web and forcing their hand is the right way to minimize vulnerability.
Ever heard of "Patch Tuesday"? Note to Microsoft: If I wanted you to sit on patches, I'd bloody well ask you to. Let's apply that to other areas of life. How about "Bathing Saturday" or "Eating Wednesday"?
I'll get my coat, I've a lot more to write on Text Tuesday.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
